anonhaven
Ad

CVE-2026-28298

HIGH CVSS 3.1: 8.1 EPSS 0.06%
Updated Mar 31, 2026
Solarwinds
Parameter Value
CVSS 8.1 (HIGH)
Affected Versions before 2026.1.1
Fixed In 2026.1.1
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Solarwinds
Public PoC No

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Attack Parameters

Attack Vector
Adjacent
Requires local network access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Solarwinds Observability_Self-Hosted
cpe:2.3:a:solarwinds:observability_self-hosted:*:*:*:*:*:*:*:*
 2026.1.1

References 2

https://documentation.solarwinds.com/en/success_center/orionplatform/content/re…
psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2026-28298
psirt@solarwinds.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28297

Solarwinds

8.7

CVE-2025-40541

Solarwinds

7.2

CVE-2025-40540

Solarwinds

7.2

CVE-2025-40539

Solarwinds

7.2

CVE-2025-40538

Solarwinds

7.2